Skip to content

Commit

Permalink
Adapt authorizations controller to be scope agnostic, refs socialcast#23
Browse files Browse the repository at this point in the history
  • Loading branch information
BRMatt committed Nov 20, 2011
1 parent dcf0735 commit ea71ebe
Showing 1 changed file with 12 additions and 4 deletions.
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
module Devise
module Oauth2Providable
class AuthorizationsController < ApplicationController
before_filter :authenticate_user!
include Devise::Controllers::InternalHelpers
before_filter :authenticate_scope!

rescue_from Rack::OAuth2::Server::Authorize::BadRequest do |e|
@error = e
Expand Down Expand Up @@ -37,13 +38,13 @@ def authorize_endpoint(allow_approval = false)
if params[:approve].present?
case req.response_type
when :code
authorization_code = current_user.authorization_codes.create(:client => @client, :redirect_uri => @redirect_uri)
authorization_code = resource.authorization_codes.create(:client => @client, :redirect_uri => @redirect_uri)
res.code = authorization_code.token
when :token
access_token = current_user.access_tokens.create(:client => @client).token
access_token = resource.access_tokens.create(:client => @client).token
bearer_token = Rack::OAuth2::AccessToken::Bearer.new(:access_token => access_token)
res.access_token = bearer_token
res.uid = current_user.id
res.uid = resource.id
end
res.approve!
else
Expand All @@ -54,6 +55,13 @@ def authorize_endpoint(allow_approval = false)
end
end
end

# Authenticates the current scope and gets the current resource from the session.
# Taken from devise
def authenticate_scope!
send(:"authenticate_#{resource_name}!", :force => true)
self.resource = send(:"current_#{resource_name}")
end
end
end
end

0 comments on commit ea71ebe

Please sign in to comment.